Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
# i18n values (from database) to be translated
from django.utils.translation import ugettext as _
# generic roles
_(u'Observer')
_(u'Manager')
_(u'Editor')
_(u'Moderator')
_(u'Commentator')
_(u'Observer')
_(u'Participant')
# permissions
_(u'Can view text')
_(u'Can edit text')
_(u'Can create text')
_(u'Can delete text')
_(u'Can manage text')
_(u'Can create comment')
_(u'Can delete comment')
_(u'Can delete own comment')
_(u'Can view approved comment')
_(u'Can view own comment')
_(u'Can view unapproved comment')
_(u'Can edit comment')
_(u'Can edit own comment')
_(u'Can manage workspace')
_(u'Can view workspace')
# school roles
_(u'Teacher')
_(u'Student')
_(u'Individual student')